[NT] Novell GroupWise Information Disclosure



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Novell GroupWise Information Disclosure
------------------------------------------------------------------------


SUMMARY

" <http://www.novell.com/products/groupwise/> Novell GroupWise is a
complete collaboration software solution that provides information workers
with e-mail, calendaring, instant messaging, task management, and contact
and document management functions. "

Improper API function design allows attackers to gain information on users
using Novell GroupWise.

DETAILS

Vulnerable Systems:
* Novell GroupWise version 5.x
* Novell GroupWise version 6.0
* Novell GroupWise version 6.5
* Novell GroupWise version 7
* Novell GroupWise version 32-bit Client

Immune Systems:
* GroupWise version 7 SP1
* GroupWise version 6.5 SP6 Client Update 1

A security vulnerability exists in the GroupWise Windows Client API that
can allow random programmatic access to non-authorized email within the
same authenticated post office.

Vendor Status:
The vendor has issued a patch:

* GroupWise 6.5: <http://support.novell.com/filefinder/16963/index.html>
http://support.novell.com/filefinder/16963/index.html
* GroupWise 7: <http://support.novell.com/filefinder/20641/index.html>
http://support.novell.com/filefinder/20641/index.html

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3268>
CVE-2006-3268


ADDITIONAL INFORMATION

The information has been provided by <mailto:jshort@xxxxxxxxxx> Jim
Short.



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.